davej Posted April 29, 2011

Can parameterized strings still be vulnerable to SQL injection?

Synook Posted April 30, 2011

Yes - for example, you may not parameterise everything by mistake, the parameterisation logic may have vulnerabilities in it, your code may allow the pre-parameterisation SQL string to be modified through other means, etc. However, the risk is still probably much reduced.
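
The first case named in the answer above (a query in which not everything is parameterised), shown beside its corrected form. This is an added example, not part of the original thread; the table, function names and sample inputs are constructed for illustration, and Python's `sqlite3` is an assumed stand-in for whatever driver is in use.

```python
import sqlite3

# Constructed input: a search term containing a quote that closes the literal.
CRAFTED = "x' OR name LIKE '"


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "staff"), ("carol", "staff")],
    )
    return conn


def find_partial(conn, role, name_part):
    """Partly parameterised: role is bound, name_part is concatenated.

    The query looks parameterised at a glance, but name_part still becomes
    part of the SQL text, so it can change the structure of the WHERE clause.
    """
    sql = (
        "SELECT name FROM users WHERE role = ? "
        "AND name LIKE '%" + name_part + "%' ORDER BY name"
    )
    return [row[0] for row in conn.execute(sql, (role,))]


def find_full(conn, role, name_part):
    """Fully parameterised: the SQL text is a constant, every value is bound."""
    sql = (
        "SELECT name FROM users WHERE role = ? "
        "AND name LIKE '%' || ? || '%' ORDER BY name"
    )
    return [row[0] for row in conn.execute(sql, (role, name_part))]


if __name__ == "__main__":
    conn = make_db()
    # Ordinary input: both versions agree.
    print(find_partial(conn, "staff", "o"), find_full(conn, "staff", "o"))
    # Crafted input: the partial version ignores the role filter,
    # the full version treats the whole string as a literal search term.
    print(find_partial(conn, "staff", CRAFTED), find_full(conn, "staff", CRAFTED))
```

Both functions pass a parameter tuple to `execute`, which is why a review that only checks for the presence of bound parameters would not flag `find_partial`; the check that matters is that the SQL text itself is built from constants only.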